NASA says laptop with space station control codes was stolen

This photograph taken in May shows the International Space Station and the space shuttle Endeavour.

WASHINGTON — A stolen US space agency laptop containing codes that control the International Space Station did not put the orbiting lab in peril, a NASA spokesman said on Friday.

The unencrypted notebook computer went missing in March 2011 and "resulted in the loss of the algorithms used to command and control the International Space Station", NASA Inspector General Paul Martin told lawmakers this week.

But the US space agency insisted that international astronauts were never at risk aboard the research outpost.

"NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach," spokesman Trent Perrotto said.

The theft was alerted to Congress on Wednesday along with 5408 computer security "incidents" that resulted in unauthorised access to NASA systems or installation of malicious software in the past two years, Martin said.

"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he added in testimony to the House Science, Space and Technology subcommittee.

"In other words, the attackers had full functional control over these networks."

To better guard against such attacks, "NASA needs to improve agency-wide oversight of the full range of its IT assets," and must encrypt more of its mobile and laptop devices, of which just one per cent are currently encrypted, he said.

Until then, NASA "will continue to be at risk for security incidents that can have a severe adverse effect on Agency operations and assets".

NASA's spokesman said in response that the space agency is in the process of implementing his recommendations and has made "significant progress to better protect the agency's IT systems".